Open and Closed Source Firewalls

You can find a wide variety of firewalls available on the market today. Some are open source, such as Linux's IPTables, OpenBSD's pf, and the Solaris IPF firewalls. Others are closed source, such as the Cisco PIX and ASA firewall operating systems, Juniper's ScreenOS, and Check Point's firewall software. Some even use an underlying open source operating system and firewall code with closed source modifications. The differences between these firewalls are most typically noticeable in the additional capabilities of the commercial firewalls.

Most commercial firewalls today provide for tight integration of VPN capabilities for remote users as well as deep packet inspection within the firewall itself. Open source firewalls tend to focus on the filtering capabilities in the firewall process rather than the integration of the firewall with other applications (and typically leave such capabilities as VPN and intrusion detection to other software systems). This focus can lead to integration issues between other applications and the firewall itself but does not represent an insurmountable obstacle.

New companies have emerged that have taken open source firewall code and have cleaned up the management and improved the firewall such that the product produced rivals many of the closed source commercial firewalls. The business model of these companies is to offer a trimmed-down version of the product for free and charge for the more complete version or charge for the support, which many business customers will want in addition to the actual firewall. A good example of this model is the Shorewall firewall.